> I can’t recommend libreboot enough, or even heads if libreboot isn’t your speed.
Why though? Not a single reason mentioned in post about why would it be better than whatever stock BIOS the laptop is shipped with.
> I can’t recommend libreboot enough, or even heads if libreboot isn’t your speed.
Why though? Not a single reason mentioned in post about why would it be better than whatever stock BIOS the laptop is shipped with.
Some people prefer to know exactly what their computer does, either to enable debugging in obscure cases or due to security concerns.
Thanks to Intel, who has invented the completely unnecessary System Management Mode, to compensate for the laziness of Microsoft, who could not be bothered to update MS-DOS and Windows with some features required in modern computers, now the BIOS has the ability to do whatever it wants on your computer, without this being detectable by the owner.
Hopefully the BIOS writers do not abuse this, and the many problems caused by BIOSes are due to unintentional bugs and not due to malice, but it would still better to be certain that your firmware does not do anything nefarious.
When debugging hardware problems, it is also much simpler when you are certain about what the computer really does, instead of not knowing whether the BIOS takes control when certain hardware events happen, overriding any policies that you may try to implement in your operating system.
Replacing the proprietary BIOS still does not provide complete control over what you own, as there are auxiliary CPUs with their own agenda, but it is still much closer to full control than when you do not know what the BIOS does.
> Hopefully the BIOS writers do not abuse this
Unfortunately, they have. Multiple examples from the excellent Cathode Ray Dude:
https://www.youtube.com/watch?v=q5M0TwnkWUM https://www.youtube.com/watch?v=ssob-7sGVWs
The goal of that blog post is not to sell you something.
This can be confusing on HN, I know.
A recommendation without context is pointless. A recommendation with context could be very helpful!
Burma Shave.
You've unlocked a hilarious memory of driving through southern California and seeing all these signs as a kind of one-word-at-a-time advertisement back in the 90s. Someone had to have recreated them as some kind of joke because all the original signs had been gone for decades.
Is google down?
[flagged]
It replaces a proprietary component of your system with an open source one.
Reading https://libreboot.org/#why-use-libreboot might provide further enlightenment.
That still doesn't answer the question of why it's better. Unless you're paranoid about an OEM backdoor, I think this is cool but not worth the effort.
I think firstly is the FOSS obsession and backdoor paranoia from evangelists, and secondly and the more practical one is that the proprietary IBM BIOS is full of bugs and anti-consumer blacklists and whitelists designed to limit repairability and upgradeability, which stil boggle my mind on how those laptops got such a good image on that front.
I mean, maybe paranoia is the wrong word.. it's not something that I'm personally worried about, but stuff like that has actually happened.
>but stuff like that has actually happened
Yes, if you live and organize your life around things that are unlikely to happen to you, but only because they've happened ONCE to someone else, typically a high value target by state actors, that's called paranoia.
Most people are not gonna be targeted via BIOS hacks. From state actors to online scammers they all have easier ways to getting your data remotely.
> Most people are not gonna be targeted via BIOS hacks.
This is not really true:
https://www.techdirt.com/articles/20150812/11395231925/lenov...
I'm not sure that's paranoia (as others have pointed out, OEM firmwares have had security problems before), but sure, let's ignore security problems for a moment.
1. Firmware contains bugs. Old proprietary firmware tends to not get fixes. If you switch to an open source version, you can get the bugs fixed.
(Edit) 1.a. Old proprietary firmware also doesn't tend to get new features, and open source replacements can cover that. (eg. booting over HTTP(S) or security features to help against Evil Maid attacks)
2. Libreboot claims to be faster to boot than the vendor firmware. Depending on the particular device/firmware, that wouldn't surprise me at all.
Yes, I said in another comment that I might have used the wrong word. It's still not something I have a lot of motivation to do something about. At least not until the process is easy.
> Unless you're paranoid about an OEM backdoor
Lenovo does have a history with installing a very obvious spyware rootkit on their consumer PCs[0].
[0]https://support.lenovo.com/us/en/product_security/ps500035-s...
I think you've pretty much summed it up.
As far as I'm aware, it has less functionality than the OEM, so you use it to _remove_ features (good and/or bad).
Aside from that, I suppose it means you can run a more up to date firmware if yours is no longer maintained, but I'm not sure what that means in practical terms.
There's also the "hyper paranoid" fork "canoeboot" which has no proprietary blobs, and presumably _even less_ functionality.
The short answer is; if you don't know why you want it or need it, you probably don't.
This answer is "do it out of principle". OP is looking for the practical considerations.
As far as I can tell, this is the only reason, you'll likely lose a bunch of functionality (that's been my experience); so "principle" is the only reason I'm aware of (or minimalism, but that's a principle too is it not?).
I suppose if nothing else, you can run a more up to date firmware if the vendor stopped supporting yours, but I have no idea what that means in a practical sense.
I don't really feel like I've lost any functionality, personally?
If I weren't using binary blobs in the firmware, I think I would have more trouble, but that is Canoeboot to my knowledge, not Libreboot. ^^